
Research On Security Enhancement Mechanism For Convolutional Neural Network Predictions In Cloud

Posted on: 2020-09-17
Degree: Master
Type: Thesis
Country: China
Candidate: S H Li
GTID: 2428330572987278
Subject: Information and Communication Engineering
Abstract/Summary:

Machine Learning as a Service (MLaaS) is currently a new service paradigm offered by cloud service providers. By deploying machine learning or deep learning models in the public cloud, cloud service providers allow users to use a variety of machine learning-based applications, such as image classification, speech recognition and online translation. These services often obtain users' data directly in order to get predicted results from models, which means that users need to upload data to public clouds. However, when users' input data contains personal information, e.g., medical data, the MLaaS paradigm poses severe threats to users' privacy.

To address this security risk, researchers have proposed using secure computation techniques to ensure that users' data stays encrypted while it is evaluated in the cloud. Because the overall overhead of secure computation techniques is relatively high and the calculation of machine learning models is usually complicated, these schemes have very low computation and communication efficiency.

This paper focuses on the scenario where users want to classify private images with a convolutional neural network (CNN) model hosted in the cloud, while both parties keep their data private. In general, this paper designs the security implementation of convolutional neural networks and proposes two secure and efficient schemes, for convolutional neural network predictions and for model output queries respectively, to solve the security and privacy concerns that arise when deploying convolutional neural networks in the cloud. The main contributions of this paper are as follows:

1. Secure and efficient convolutional neural network predictions: This paper proposes a secure and efficient scheme for CNN predictions by analyzing the computational characteristics of the different neural layers in CNNs. For convolutional layers, the Fast Fourier Transform is used to preprocess users' input data and model parameters, so that the cloud can efficiently evaluate users' private data with the model in the homomorphic ciphertext domain. Fully connected layers are first transformed into equivalent convolutional layers and then implemented with the proposed secure evaluation method for convolutional layers. For activation and pooling layers, this paper designs a secure implementation with a secure two-party technique and optimizes the processing pipeline to reduce the number of operations in these two different neural layers, thereby increasing computational efficiency.

2. Secure and efficient model output queries: This paper proposes two different solutions for two different scenarios with different functional and security demands. For the scenario where users only need to obtain the output label from public clouds, this paper proposes a security protocol with homomorphic encryption to ensure that users cannot obtain other information about the model while acquiring the output label. For the scenario where users need to obtain both the output label and the corresponding probability from public clouds, this paper proposes the first secure protocol based on secure two-party computation, and optimizes it with the proposed simplified theorem for the softmax function.

This paper also analyzes the security and performance of the proposed schemes, and proves their significance by comparing them with previous work.
Keywords/Search Tags: Cloud computing, Machine learning, Convolutional neural network, Homomorphic encryption, Secure multi-party computation